Cyber Incident Victim: Fidelity National Financial
Date:
Nov 2023
Location:
United States of America
Summary
A cyberattack disrupted Fidelity National Financial's operations, prompting an investigation and containment measures including blocking access to certain systems. This impacted services related to title insurance, escrow, mortgage transactions, and real estate technology, causing delays in scheduled closings and forcing agents and homebuyers to seek alternatives. The company's majority-owned subsidiary remained unaffected. An unauthorized third party accessed some systems and acquired credentials, leading to reports of a full network shutdown to mitigate the incident. Law enforcement was notified, and external experts were engaged as the investigation continued.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Fidelity National Financial (FNF) experienced a cyberattack discovered on November 19, 2023, prompting immediate containment actions and operational disruptions. The company disclosed the incident in a November 21 SEC filing, confirming it initiated an investigation promptly after detection, engaged cybersecurity experts, and notified law enforcement. As part of containment measures, FNF blocked access to specific systems, intentionally disrupting core business services to limit the attack's spread. This action impacted title insurance, escrow services, mortgage transaction processing, and technology platforms serving real estate and mortgage industry clients. The company clarified that its majority-owned subsidiary F&G Annuities & Life remained unaffected. Preliminary investigation findings indicated an unauthorized third party had accessed certain FNF systems and obtained credentials, though the full scope remained under assessment at the time of reporting.
The containment strategy caused significant service interruptions, particularly affecting real estate closings and transaction processing. TechCrunch reported on November 22 that scheduled real estate closings were halted, citing an earlier Real Estate News story describing agents and homebuyers scrambling for alternatives after being notified systems would remain unavailable until November 26. Sources familiar with FNF's response described a network-wide shutdown, including email systems, as part of server remediation efforts at the company's Jacksonville facilities. One IT professional at an FNF-affiliated organization characterized the situation as "all locked up." While the attack's origin and attacker identity remained undisclosed, the incident occurred amid broader industry challenges documented in a PYMNTS Intelligence report, which noted a doubling of cyberattacks targeting large financial institutions between 2022 and 2023. FNF's ongoing investigation focused on determining the extent of system access and credential compromise without specifying recovery timelines beyond initial service restoration estimates.